EDK2: heap buffer overflow in Tcg2MeasurePeImage()

A heap-based buffer overflow flaw was found via the Tcg2MeasurePeImage function in EDK2. Successful exploitation requires a local attacker to trigger an integer overflow in the calculation of the EventSize variable at DxeTpm2MeasureBootLib.c, leading to the heap-buffer overflow, presenting a...

EDK2: heap buffer overflow in Tcg2MeasurePeImage()

A heap-based buffer overflow flaw was found via the Tcg2MeasurePeImage function in EDK2. Successful exploitation requires a local attacker to trigger an integer overflow in the calculation of the EventSize variable at DxeTpm2MeasureBootLib.c, leading to the heap-buffer overflow, presenting a...

OESA-2024-1314 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage function, allowing a user to trigger a heap buffer overflow via a local network. Successful...

SUSE CVE-2022-36764

EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...

UBUNTU-CVE-2022-36764

EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...

Windows Inject PE Files, Bind IPv6 TCP Stager (Windows x86)

Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...

Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File

We have encountered a Windows kernel crash in nt!MiOffsetToProtos while trying to load a malformed PE image into the process address space as a data file i.e. LoadLibraryExLOADLIBRARYASDATAFILE | LOADLIBRARYASIMAGERESOURCE. An example crash log generated after triggering the bug is shown below: -...

Microsoft Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File

We have encountered a Windows kernel crash in CI!HashKComputeFirstPageHash while trying to load a malformed PE image into the process address space as a data file i.e. LoadLibraryExLOADLIBRARYASDATAFILE | LOADLIBRARYASIMAGERESOURCE. An example crash log generated after triggering the bug is shown...

Shellter v1.7 - Dynamic ShellCode Injector Tool

Shellter is a dynamic shellcode injection tool, and probably the first dynamic PE infector ever created. It can be used in order to inject shellcode into native Windows applications currently 32-bit apps only. The shellcode can be something yours or something generated through a framework, such a...